From 67c677c3677039dccc8a75aa5db8fe03b88dc565 Mon Sep 17 00:00:00 2001 From: Andrew Walker Date: Thu, 18 Jul 2024 06:42:11 -0700 Subject: [PATCH] Fix test regressions related to krb5 ccache change We still need to have a temporary ccache for validating credentials within secrets.tdb, and the test for klist output needs to be updated for the keyring-backed kerberos ccache. --- .../middlewared/utils/directoryservices/krb5_constants.py | 3 +++ tests/api2/test_032_ad_kerberos.py | 4 ++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/src/middlewared/middlewared/utils/directoryservices/krb5_constants.py b/src/middlewared/middlewared/utils/directoryservices/krb5_constants.py index 2cc2b4e871fa3..8d9a8c19715b4 100644 --- a/src/middlewared/middlewared/utils/directoryservices/krb5_constants.py +++ b/src/middlewared/middlewared/utils/directoryservices/krb5_constants.py @@ -1,5 +1,7 @@ import enum +from middlewared.utils import MIDDLEWARE_RUN_DIR + KRB_TKT_CHECK_INTERVAL = 1800 PERSISTENT_KEYRING_PREFIX = 'KEYRING:persistent:' @@ -10,6 +12,7 @@ class KRB_Keytab(enum.Enum): class krb5ccache(enum.Enum): SYSTEM = f'{PERSISTENT_KEYRING_PREFIX}0' + TEMP = f'{MIDDLEWARE_RUN_DIR}/krb5cc_middleware_temp' USER = PERSISTENT_KEYRING_PREFIX # middleware appends UID number to this diff --git a/tests/api2/test_032_ad_kerberos.py b/tests/api2/test_032_ad_kerberos.py index 79530ff4389ba..9b1e889fd52ab 100644 --- a/tests/api2/test_032_ad_kerberos.py +++ b/tests/api2/test_032_ad_kerberos.py @@ -333,8 +333,8 @@ def test_verify_nfs_krb_disabled(): def test_kerberos_ticket_management(do_ad_connection): klist_out = call('kerberos.klist') assert klist_out['default_principal'].startswith(hostname.upper()), str(klist_out) - assert klist_out['ticket_cache']['type'] == 'FILE' - assert klist_out['ticket_cache']['name'] == '/var/run/middleware/krb5cc_0' + assert klist_out['ticket_cache']['type'] == 'KEYRING' + assert klist_out['ticket_cache']['name'].startswith('persistent:0') assert len(klist_out['tickets']) != 0 to_check = None